Phase II year
2014
(last award dollars: 2015)
Phase II Amount
$2,248,201
The Sentar veriScan tool is a software assurance product that analyzes and assesses both source and binary software files for program vulnerabilities, coding weaknesses, and indicators of malicious intent. veriScan automates the execution of a broad set of analysis programs for verifying large-scale, implicitly trusted software systems; performs risk assessments; reports on those risks in the context of software reuse; and provides decision support for mitigating any risks identified. veriScan provides software assurance capabilities not typically found in commercial products, including: 1) analysis of both source and binary files, 2) analysis for both known and previously undiscovered malware, 3) an integrated risk assessment that reconciles potentially conflicting results from the individual analyzers, and 4) detection of classified information spillage in source code comments or in variable and function names. Together these capabilities make veriScan a more comprehensive tool than current commercial products. Compared with those products, veriScan requires little training to use and targets a much lower price point for user licensing fees. Approved for Public Release 14-MDA-7739 (18 March 14).
Keywords: Software assurance, software supply chain, static analysis, malware analysis, risk assessment, decision support, classified information spillage, vulnerabilities and weaknesses